我在2011年5月的
DBA StackExchange中回答了关于大规模杀死DB Connections的问题.
什么可以允许一个人在这种压力条件下登录mysql?答案很简单:不要给每个人超级特权!
为什么超级特权?
The SUPER privilege enables an account to use CHANGE MASTER TO, KILL
or mysqladmin kill to kill threads belonging to other accounts (you
can always kill your own threads), PURGE BINARY LOGS, configuration
changes using SET GLOBAL to modify global system variables, the
mysqladmin debug command, enabling or disabling logging, performing
updates even if the read_only system variable is enabled, starting and
stopping replication on slave servers, specification of any account in
the DEFINER attribute of stored programs and views, and enables you to
connect (once) even if the connection limit controlled by the
max_connections system variable is reached.
鉴于此,常规客户端连接不应具有SUPER权限.一旦达到DB连接数= max_connections,将只允许一个连接,并且一个连接必须具有SUPER权限.如果每个人和他的祖母都拥有SUPER特权,那么所有赌注都会被取消,没有人可以登录.
503
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
